I am a newbie in Splunk and am trying to do some searches using rex.
The log body is like:
Dest : aaa
I searched online and used some commands like ' rex field=_raw "(?s)Dest : (?.*)" ' or (?smi), but it wasn't what I wanted.
I need the output to only get the table like
Is there any way to do that?
Thank you very much in advance!